Menu

privacy

As discussed in my prior post Apps, Facebook and the Trust Problem (which I kindly suggest you read first if you haven’t yet), modern day app users have been burned by overzealous sharing of their interactions within apps which leaves them gun shy about logging into Facebook in new, untrusted apps. Today I’d like to continue the discussion regarding a similar shyness that users appear to have developed regarding various IOS features as well.

Contact Lists

Since my app is a multiplayer game, there are various ways to make it as easy as possible for users to play with their friends. As mentioned in the prior post, you can invite partners from your Facebook friends list and similarly you can choose your partners from your IOS contact list as well. Not surprisingly, the user behavior from both actions is very similar. Namely, users seem to be equally shy allowing apps access to their contact list as they are about allowing access to their Facebook friend list.

Starting in IOS 6, Apple added new privacy controls that require permission from the user before an app can access certain data like the user’s contact list, photos, calendar and more. These controls were added because there were severalincidents where less scrupulous companies took advantage of their unfettered access. I consider this a very welcome improvement and I think most people would agree. In retrospect it seems pretty crazy that any developer had full access to a user’s contact list without that user’s knowledge or permission. However, similar to the “Are you sure you want to give this app access to your Facebook info?” dialog box, even the average smartphone user these days will assume the worst and deny access by default. I think it is overall a positive development that users are becoming more concerned about keeping their data private. However, keeping this data private comes at a cost of usability and not participating in the full experience that an app can provide. Perhaps that is a fair tradeoff, but it would be nice to have the best of both worlds.

In the initial version of my app the user was presented with 3 choices when initiating a multiplayer game:

Choose a Facebook Friend

Choose a Contact

Play with a Random Partner

When initially presented with this choice, a whopping 78% of the users chose option number three. It wasn’t even like they clicked on the first two buttons and were scared away by the permission dialog or found that none of their friends were playing the game and went back and chose a random partner. They didn’t even click on the first two buttons. When asked why, my users informed me that they didn’t want to click on the first two links out of fear that the app would spam all of their friends to play the game. So they simply chose to play the game with a person they didn’t know because that was the path with the least amount of risk.

When I examined the user behavior in my game post-launch, this result was easily the most surprising to me. I added the random player option as an after thought. The screen looked a little empty with only two buttons. Maybe the users were just trying to get a feel for how the game works and once they understood, perhaps they would then decide to play with a friend? That turned out to be case at least some of the time. When starting a follow up multiplayer game, 69% of the users chose a random partner as opposed to the initial 78%.

Seeing as how I really want people to enjoy playing my game and I strongly believe that playing games with your friends as opposed to random strangers is a lot more fun and makes you more invested in the game, having more than half of my players choosing random partners was an unpleasant realization. For the next version, I added two things: 1) A fourth option where you can enter your partner’s email address or username manually without giving access to your contact list, and 2) a short message near the first two buttons stating explicitly that we don’t share or store your friend list or contact list. Both of these changes dropped the percentage of the time that a user chose a random partner down to around 60%. In the upcoming version of the app I am now incentivizing users with in-app currency for playing with friends instead of random partners. I plan on reporting back later how much that has changed the equation.

I wish there was an easy way to get across to my users the fact that I am not some unscrupulous spammer trying to take advantage of every opportunity for my own gain. I attempt to explain this in my privacy policy, but how many people really read those? Unfortunately there is no concise way to explain to an average user that when I access their facebook friend list or contact list I go to the trouble of one-way hashing all of their friend’s facebook ids and email addresses. Only the hashes are sent to my server in order to show which of their friends are already registered and which ones aren’t. I couldn’t spam their friends or sell their contact list to a third party even if I wanted to.

Push and Local Notifications

And now we come to the most abused feature of smartphone apps: push and local notifications. In a world where installs cost upwards of $2 each, if developers are given a completely free, unrestricted marketing channel to retain their users then we shouldn’t be surprised when it is abused.

For fun, try an experiment. Go download the top 10 free apps on the App Store and agree to receive push notifications in all of them. Then wait 24 hours and see what crazy assortment of endless nagging and begging you have received in the meantime. Here is an example of the ridiculousness on the left. It is completely absurd. I totally understand why most of my users aren’t accepting push notifications.

It’s not just the constant begging and pleading either. Recently, Apple/IOS commentator extraordinaire John Gruber complained loudly on Twitter about the number of push notifications he was receiving via the official Twitter app.

Since Twitter is a fairly reputable company, I’m going to give them the benefit of the doubt that their barrage of notifications is not malicious and is infact due more to a poor algorithm. The algorithm probably works fine at pointing out “important” tweets for the average user, but goes totally haywire for Twitter power users like Mr. Gruber. Although Twitter may want to fix that algorithm quickly since you’d think the people they would like to annoy the least would be their power users.

So no matter the reason, smartphone users have been trained over the last few years that if they don’t want to be constantly harassed, even by reputable apps, it is easier to just auto-deny push notifications entirely. Even if you would like to be notified that your partner is done and it’s now your turn to play, there is a high likelihood that the app will end up sounding like your ex, crying and pleading with you to come back if you carelessly leave it alone for a few hours. It is much easier than having to root around in the Settings app, find the Notifications section, find the app in question and then click the 4 different buttons required to purge push notifications from all various locations after the fact.

Recently, Brendan Mulligan wrote an interesting post about how best to pre-prompt a user explaining the benefits of your push notifications before popping up the IOS push notification dialog. I followed his advice for my app and only after registration I concisely explain that we only send relevant push notifications about the games you are playing, no begging or pleading, and I ask the user if they are OK with us sending only these necessary notifications. And how many of those users accept them? 35%. And I assume that is a much better percentage than if my app just immediately prompted the user with no explanation that it wanted them to accept push notifications.

What makes the problem even worse is Local Notifications which are similar to Push Notifications, but are initiated from within the app rather than from the server side. Prior to IOS 8, for some unknown reason Local Notifications don’t require any opt-in by the user, and therefore they are the favored way to nag users to come back to apps. Does anyone really think that users want every app they have to bug them every day to come back? Does this meaningfully increase user retention in the long run? Has anyone ever ran a real A/B test and accurately measured the impact, including measuring how many people never come back to the app because it is easier to just delete the app rather than going into the Settings app to disable the notifications? Or are developers just assuming that it is net positive for user retention because everyone else seems to be doing it?

Framing the Problem

As I see it, there are at least 2 problems that I have pointed out:

Users are afraid to let apps access their contact lists or Facebook friend lists out of fear that the app may end up spamming their friends to also install the app.

Users tend to disallow push notifications by default, assuming that the notifications will be more annoying than useful.

Some might argue that users being protective of their sensitive information and eschewing push notifications is not a problem that needs to be rectified, and that argument certainly has some merit. But I would argue that if an app provides real value in exchange for access to a user’s contact list and/or push notifications then users denying by default are having subpar experiences in the app and are doing themselves a disservice.

So if we can agree that in at least some cases that this is a problem, how can we as developers and/or Apple or someone else rectify the situation?

What To Do

I could plead with my fellow developers to try harder to treat their users with respect and not fall prey to ill-advised ways to gain or retain users. I might as well plead with everyone on the Internet not to send spam email or create computer viruses, but I’ll give a plea a try anyway. Look, I get why developers are employing some of these shady methods. Acquiring and retaining users is really, really hard, or at least really expensive. As long as sleazy tactics work, or at least are perceived to work, people will (ab)use them. We have to compete with Candy Crush and Clash Of Clans which have insanely high LTVs which means they can spend a bunch of money acquiring users. So we try to take advantage any way we can. But please, put the users first and think about whether some retention feature is something that won’t completely annoy your users 99.9% of the time. Chances are that you are losing more users than you are retaining in the long run with some of these questionable actions.

(Full Disclosure: I decided to add the somewhat questionable “Please rate my app” pop-up in my app, but I have it configured to not pop up very often and one of the choices is “Never remind me again” which I think is fair for a free app. You are free to disagree and call me a hypocrite.)

As far as what Apple can do, they appear to be fixing the Local Notification opt-in issue in IOS 8 which should certainly cut down that annoyance channel. But what else can they do either in the OS or through the app review process? Here are some possible ideas I’m going to throw out, in no particular order and with no guarantee that any of these will make one lick of difference:

Require apps that access a user’s contact list (and other sensitive information) to have an explicit privacy policy that clearly explains how that information is used. Publish guidelines on what is and is not acceptable to do with the information. Review during the app review process.

Come up with an explicit policy of what developers can and cannot do with push (and local) notifications and enforce it through the app review process.

Limit the number of push notifications that each app can send and enforce the limit in the push notification system. Obviously this could be an issue with some chatty applications such as instant messaging/social networking applications where one could conceivably get hundreds of legitimate notifications per day, so perhaps allow the user to specify the limit on a per app basis?

Make opting out of push and local notifications much less cumbersome. For instance, if there was some way to easily disable notifications from within the notification itself, perhaps that would encourage users not to disallow by default as much.

Allow for a developer-created explanation of what the push notifications will be used for when the notification opt-in pop-up is shown to the user, similar to the way developers can customize the messages that show up when they request access to the contact list, camera, etc.

Finally, what can anyone else do to help the situation? There are independent third party privacy verification companies out there, although they aren’t going to cover things like “this app doesn’t annoy you to come back every day.” Plus, getting certified by them costs time and money that most independent developers probably couldn’t afford.

Perhaps we developers could come up with something similar. Some sort of alliance where we pledge to not be dicks and then we get the right to put some sort of logo in our app. If enough developers do that, then the users will learn that when they see the logo that means that the app developer has pledged to treat them as adults and they will be more trusting as a result. The biggest issues with this proposed solution of course would be the fact that not everyone agrees on what constitutes dickish behavior and enforcement would also be an issue. I guess if the logo was copyrighted, you could complain to Apple on copyright infringement grounds if there were developers using the logo and not following the pledge.

Maybe greedy developers have already burned too many bridges and we are at a point of no return where app users are going to always be suspicious of apps and will auto-deny access by default. Perhaps when we create new apps we shouldn’t put too much effort into features that require a user’s permission anymore if the majority will not grant access even when we make a strong case for the benefit of doing so. If that’s the case, then the user experience of future apps will certainly suffer, which is a shame.

Please let me know if you have any other good ideas for how best we can solve these issues. I would love to hear them.